Delete old domain
Hi there, I am in a weird situation.
I had a child domain w2k3 R2 (a.me.com)
it crashed years ago (7 years), we removed it using ntdsutil and he created a new one with se same name.
2 weeks ago, the company merged with another (b.me.com), so I had to get rid off the child domain. I used dcpromo for the a.me.com (which cleared) and now on the AD domains and trusts I can see the a.me.com (old one).
Using the ntdsutil, in metadata I cannot remove the domain, (no site available) with the error:
sRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.).
Also, in Partition management, I can see: DC=DomainDnsZones,DC=a\0AD
ldap_delete_ext_sW error 0x20(32 (No Such Object).
I now that is a.me.com is the old one because in the ADSIEDIT and LDP.exe I can see the new a.me.com with different numbers: a\0ADEL:8dbf60e9-3d1d-4b97
The old one is still there and I cannot remove it.
please help
I had a child domain w2k3 R2 (a.me.com)
it crashed years ago (7 years), we removed it using ntdsutil and he created a new one with se same name.
2 weeks ago, the company merged with another (b.me.com), so I had to get rid off the child domain. I used dcpromo for the a.me.com (which cleared) and now on the AD domains and trusts I can see the a.me.com (old one).
Using the ntdsutil, in metadata I cannot remove the domain, (no site available) with the error:
sRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.).
Also, in Partition management, I can see: DC=DomainDnsZones,DC=a\0AD
ldap_delete_ext_sW error 0x20(32 (No Such Object).
I now that is a.me.com is the old one because in the ADSIEDIT and LDP.exe I can see the new a.me.com with different numbers: a\0ADEL:8dbf60e9-3d1d-4b97
The old one is still there and I cannot remove it.
please help
ASKER
Hello Mahesh,
Thanks for the reply but I have already tried these.
The results are:
On partition management:
partition management: delete nc DC=DomainDnsZones,DC=geri\
ldap_delete_ext_sW error 0x20(32 (No Such Object).
)
partition management: delete nc DC=geri\0ADEL:bb7cc7ce-96f
ldap_delete_ext_sW error 0x20(32 (No Such Object).
)
and on the metadata:
26 - DC=geri\0ADEL:bb7cc7ce-96f
select operation target: select domain 26
No current site
Domain - DC=geri\0ADEL:bb7cc7ce-96f
No current server
No current Naming Context
select operation target: q
metadata cleanup: remove selected domain
DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
Beyond that, I searched in ADSIEDIT and could not find the domain anywhere.
Please help!!!
Thanks for the reply but I have already tried these.
The results are:
On partition management:
partition management: delete nc DC=DomainDnsZones,DC=geri\
ldap_delete_ext_sW error 0x20(32 (No Such Object).
)
partition management: delete nc DC=geri\0ADEL:bb7cc7ce-96f
ldap_delete_ext_sW error 0x20(32 (No Such Object).
)
and on the metadata:
26 - DC=geri\0ADEL:bb7cc7ce-96f
select operation target: select domain 26
No current site
Domain - DC=geri\0ADEL:bb7cc7ce-96f
No current server
No current Naming Context
select operation target: q
metadata cleanup: remove selected domain
DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
Beyond that, I searched in ADSIEDIT and could not find the domain anywhere.
Please help!!!
Check below EE artilce for possible help
https://www.experts-exchange.com/questions/28083380/Cannot-Remove-Orphaned-Domain.html
https://www.experts-exchange.com/questions/28083380/Cannot-Remove-Orphaned-Domain.html
ASKER
Hello Mahesh,
this article explains exactly the same thing!!!!
To try removing the DNS zone from partition management from ntdsutil.
see attached file.
This is my problem.
I cannot delete the DNS zone from NTDSUTIL partition management.
Is there any other way to delete the DNS zone?
this article explains exactly the same thing!!!!
To try removing the DNS zone from partition management from ntdsutil.
see attached file.
This is my problem.
I cannot delete the DNS zone from NTDSUTIL partition management.
Is there any other way to delete the DNS zone?
ASKER
Is there anyone that can help me?
I believe there might be a solution using lingeringobjects but as far as I could understand, this can clean Domain Controller and not child domains.
I can't see any object that refers to any of the old domain controllers, either in ADSIEDIT not LDP.exe
Plz help!!
I believe there might be a solution using lingeringobjects but as far as I could understand, this can clean Domain Controller and not child domains.
I can't see any object that refers to any of the old domain controllers, either in ADSIEDIT not LDP.exe
Plz help!!
Are you able to view orphaned domain in the list of domains in ntdsutil ?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q230306
Also are you running ntdsutil on server holding domain naming master role ?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q230306
Also are you running ntdsutil on server holding domain naming master role ?
ASKER
Yes, I can. but I cannot remove it with the following error.
and when I try to remove the DomainDNSZone and the domain from partition management, I receive the following errors.
and when I try to remove the DomainDNSZone and the domain from partition management, I receive the following errors.
I think you need to use subtree control to delete orphaned domain from active directory
OR you could use some other name for child domain
Check below link for same
http://social.technet.microsoft.com/Forums/en-US/f6d20eeb-104f-49c9-816e-f0f266ce50a3/issues-to-create-child-domain-on-server-2008-r2?forum=windowsserver2008r2general
One more link
http://davehope.co.uk/Blog/removing-a-child-domain-that-no-longer-exists/
Please make some search on how to use subtree control to delete parent object including leaf object
OR you could use some other name for child domain
Check below link for same
http://social.technet.microsoft.com/Forums/en-US/f6d20eeb-104f-49c9-816e-f0f266ce50a3/issues-to-create-child-domain-on-server-2008-r2?forum=windowsserver2008r2general
One more link
http://davehope.co.uk/Blog/removing-a-child-domain-that-no-longer-exists/
Please make some search on how to use subtree control to delete parent object including leaf object
ASKER
Hello Mahesh,
I have managed to clear the lingering objects from all of my domain controllers (18 to be extact, including my child domains), but I think I am doing something wrong.
my error message was:
Source DC (Transport-specific network address):
2fcb78e7-e2ed-409f-8008-53
Object:
CN=NTDS Settings\0ADEL:dde6432e-79
Object GUID:
dde6432e-7940-4b63-87a1-71
Directory partition:
CN=Configuration,DC=sem,DC
Destination highest property USN:
132662975
and the remove lingeringobject I run was:
Repadmin /removeLingeringObjects sem-maindc.sem.com 89769c1e-f4b7-47ce-84bd-00
I think my error is: I am running the remove lingeringobject on DC=sem,DC=com,
while my error message indicates that the lingeringobject is located under "N=Sites,CN=Configuration,
A little help?
I have managed to clear the lingering objects from all of my domain controllers (18 to be extact, including my child domains), but I think I am doing something wrong.
my error message was:
Source DC (Transport-specific network address):
2fcb78e7-e2ed-409f-8008-53
Object:
CN=NTDS Settings\0ADEL:dde6432e-79
Object GUID:
dde6432e-7940-4b63-87a1-71
Directory partition:
CN=Configuration,DC=sem,DC
Destination highest property USN:
132662975
and the remove lingeringobject I run was:
Repadmin /removeLingeringObjects sem-maindc.sem.com 89769c1e-f4b7-47ce-84bd-00
I think my error is: I am running the remove lingeringobject on DC=sem,DC=com,
while my error message indicates that the lingeringobject is located under "N=Sites,CN=Configuration,
A little help?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So, let me get this right.
The command is:
repadmin /removelingeringobjects
a) <<ServerName>>
b) <<ServerGUID>>
c) <<DirectoryPartition>>
a) <<ServerName>> should be all my Domain Controllers:
sem-maindc.sem.com
DC1.Child-A.sem.com
DC2.Child-A.sem.com
DC1.Child-B.sem.com
DC2.Child-B.sem.com
etc
b) the <<ServerGUID>> that I have found the error 1988:
in my case sem-maindc2: 89769c1e-f4b7-47ce-84bd-00
c) <<DirectoryPartition>>
DC=SEM,DC=com
OR
CN=configuration,DC=SEM,DC
OR
CN=schema,CN=configuration
So, if I have 18 domain controller, including the correct one, I have to make copy paste three different commands for each 17 servers:
1) Repadmin /removeLingeringObjects <<a>> <<b>> DC=sem,DC=com
2) Repadmin /removeLingeringObjects <<a>> <<b>> CN=configuration,DC=SEM,DC
3) Repadmin /removeLingeringObjects <<a>> <<b>> CN=schema,CN=configuration
17 x 3 = 51
Right?
Because I had an information on one of the servers:
The following object was created on a remote directory service with an object name that already exists on the local directory service.
Object:
DC=_gc._tcp.Geri._sites,DC
Object GUID:
fb2e881e-e1f6-450d-9fbf-97
Existing object GUID:
ffe27fe3-d80e-4005-a571-73
The object with the following GUID will be renamed since the other object had this name more recently.
Object GUID:
fb2e881e-e1f6-450d-9fbf-97
Renamed object name:
_gc._tcp.Geri._sites
CNF:fb2e881e-e1f6-450d-9fb
Am I correct?
The command is:
repadmin /removelingeringobjects
a) <<ServerName>>
b) <<ServerGUID>>
c) <<DirectoryPartition>>
a) <<ServerName>> should be all my Domain Controllers:
sem-maindc.sem.com
DC1.Child-A.sem.com
DC2.Child-A.sem.com
DC1.Child-B.sem.com
DC2.Child-B.sem.com
etc
b) the <<ServerGUID>> that I have found the error 1988:
in my case sem-maindc2: 89769c1e-f4b7-47ce-84bd-00
c) <<DirectoryPartition>>
DC=SEM,DC=com
OR
CN=configuration,DC=SEM,DC
OR
CN=schema,CN=configuration
So, if I have 18 domain controller, including the correct one, I have to make copy paste three different commands for each 17 servers:
1) Repadmin /removeLingeringObjects <<a>> <<b>> DC=sem,DC=com
2) Repadmin /removeLingeringObjects <<a>> <<b>> CN=configuration,DC=SEM,DC
3) Repadmin /removeLingeringObjects <<a>> <<b>> CN=schema,CN=configuration
17 x 3 = 51
Right?
Because I had an information on one of the servers:
The following object was created on a remote directory service with an object name that already exists on the local directory service.
Object:
DC=_gc._tcp.Geri._sites,DC
Object GUID:
fb2e881e-e1f6-450d-9fbf-97
Existing object GUID:
ffe27fe3-d80e-4005-a571-73
The object with the following GUID will be renamed since the other object had this name more recently.
Object GUID:
fb2e881e-e1f6-450d-9fbf-97
Renamed object name:
_gc._tcp.Geri._sites
CNF:fb2e881e-e1f6-450d-9fb
Am I correct?
That's right
Your server Guid should be your PDC server only every time (PDC is having up to date AD database all the time) OR your all servers that is getting 1988 event
and servername should be all domain controllers
I suggest you to run command again and again until it stop to generate event id 1945 in directory events on affected server (Where lingering objects are found - infact all domain controllers)
Mahesh
Your server Guid should be your PDC server only every time (PDC is having up to date AD database all the time) OR your all servers that is getting 1988 event
and servername should be all domain controllers
I suggest you to run command again and again until it stop to generate event id 1945 in directory events on affected server (Where lingering objects are found - infact all domain controllers)
Mahesh
ASKER
Hello Mahesh,
I've run this script for lingeringobjects twice.
now on one of the domain controllers, I am receiving these errors:
and I am still not able to remove the partition from NTDSUTIL.
Regards
I've run this script for lingeringobjects twice.
now on one of the domain controllers, I am receiving these errors:
and I am still not able to remove the partition from NTDSUTIL.
Regards
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for semltd's comment #a39957034
for the following reason:
I have managed to resolve my problem using this procedure and removed all lingeringobjects
Accepted answer: 0 points for semltd's comment #a39957034
for the following reason:
I have managed to resolve my problem using this procedure and removed all lingeringobjects
ASKER
Hello Mahesh,
after a while, I tried to remove the partitions from NTDSUTIL.
partition management: delete nc DC=DomainDnsZones,DC=geri\
partition management: delete nc DC=geri\0ADEL:bb7cc7ce-96f
Thank you for your assistance
after a while, I tried to remove the partitions from NTDSUTIL.
partition management: delete nc DC=DomainDnsZones,DC=geri\
partition management: delete nc DC=geri\0ADEL:bb7cc7ce-96f
Thank you for your assistance
http://support.microsoft.com/kb/887424
Also check below article might be help
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q230306
Mahesh